Fundamental Hospitality Group – Privacy Policy

This Privacy Policy (“Policy”) is designed to help you understand how we use your Personal Data, in accordance with the applicable data protection laws and regulations in DIFC (such as DIFC Data Protection Law, DIFC Law No. 5 of 2020 and the regulations, and further guidance thereunder (the “applicable laws”).This Policy applies to Processing of Personal Data by Fundamental Hospitality which is incorporated in the Dubai International Financial Centre (DIFC).

We encourage you to read the whole Policy. Alternatively, if you wish to read about specific privacy practices that interest you, please click on the relevant links below.

PART A – PURPOSE & APPLICABILITY

PART B – YOUR PERSONAL DATA

PART C – OUR USE OF YOUR PERSONAL DATA

PART D – OTHER IMPORTANT THINGS YOU SHOULD KNOW

PART E – YOUR RIGHTS

PART A – PURPOSE & APPLICABILITY

1. Identity

We are Fundamental Hospitality Group (a Private Company incorporated and registered DIFC, Dubai) collectively referred to as “we”, “us”, “our”, the “firm” or “Fundamental Hospitality” and as applicable to the respective entity, in this Privacy policy. Fundamental Hospitality Group Holding Limited and/or its subsidiaries and affiliates, includes:

a) Gaia Restaurant Ltd., 

b) Luxury Restaurant Ltd., 

c) Alaya Restaurant Ltd., 

d) Fundamental Hospitality Operations Ltd.,

e) LPA Restaurant & Bar Ltd.,

Registered Office at DIFC: 304, Liberty House, Dubai International Financial Centre (DIFC), Dubai, UAE.

2. Our use of Personal Data

Fundamental Hospitality owns and operates venues across the Middle East and Europe, with ongoing expansion of the group’s concepts into the GCC, Europe, UK, and USA. Dubai will further see the launch of new home-grown concepts as Fundamental Hospitality continues to cement itself as the leading innovator in the hospitality industry. In connection with providing our professional services and in compliance with the applicable laws and regulations (“Applicable Law”), we collect and Process Personal Data.

3. This Privacy Policy

This is our general Privacy Policy that applies to our operations.

4. Updating this Privacy Policy

This Policy may be updated from time to time.

5. What is Personal Data?

Personal Data is any information referring to an identified or Identifiable Natural PersonThis includes information like your name, (e-mail) address and telephone number, but can also include less obvious information such as your attendance at a seminar or analysis of your use of our website(s).

Additional protection is afforded under the Law to Special Categories of Personal Data, i.e. Personal Data revealing or concerning (directly or indirectly) racial or ethnic origin, communal origin, political affiliations or opinions, religious or philosophical beliefs, criminal record, trade-union membership, health, and including genetic data and biometric data where it is used for the purpose of uniquely identifying a natural person.

6. Our responsibility to you

We Process your Personal Data in our capacity as a Controller. This means that we are responsible for ensuring that we comply with the Law when Processing your Personal Data.

7. Contact Person for Data Protection

For any queries relating to our Data Processing activities or other matters under this Policy or the Law, you may contact us by:

• Sending an email to: data.privacy@fundamentalhospitality.com

PART B – YOUR PERSONAL DATA

8. Why are we collecting Personal Data about you?

We only collect Personal Data about you in connection with providing our services and conducting our normal business operations, and/ or communications to invite you to our event or sharing relevant information with you. We may hold information about you if:

• You are a customer, a representative of a customer, or the beneficial owner of a customer

• Your information is provided to us by a client or others, or we otherwise obtain your information, in connection with the service(s) we are providing a client

• You provide services to us (or you represent a company which provides services to us)

• You represent a regulator, certification body or government body which has dealings with us

• You receive our newsletter updates, or visit our offices or websites 

• You are an applicant for a job with us

• You are or were an employee of the firm

• You may have met one of our staff and have exchanged business cards or contact details

9. What Personal Data do we collect about you?

Depending on the purposes, the types of information we Process about you may include:

Types of Personal Data Details
Individual details Name, address (including proof of address), other contact details (e.g., email and telephone numbers).
Individual details Personal Data provided as part of job applications.
Financial information Bank account details for reservation purposes.

As a policy, we do not normally collect any Special Categories of Personal Data, unless such collection is warranted under specific circumstances.

10. Where do we collect your Personal Data from?

We may collect your Personal Data from various sources, including:

• You

• Your employer

• Our clients and our service providers

• Government agencies and publicly accessible registers or sources of information

The sources that apply to you will depend on the purpose for which we are collecting your Personal Data. Where we obtain your information from a third party, in particular your employer or our client, we may ask them to provide you with a copy of this Privacy Policy (or a shortened version of it) to ensure that you know we are Processing your information and the purpose for such Processing.

PART C – OUR USE OF YOUR PERSONAL DATA

11. How do we use your Personal Data?

In this section we set out in more detail:

• The main purposes for which we Process your Personal Data

• The lawful bases upon which we are Processing your Personal Data

Purpose for Processing Lawful basis for Processing
Know Your Client and other legal obligations
We also collect and disclose Personal Data under applicable legislation and under orders from courts and regulators. Our disclosures will be to those bodies and persons who are entitled to receive the required information.In some cases, this information may include Special Categories of Personal Data, to the extent required by us to ensure compliance with Applicable Law.
For Personal Data
Compliance with Applicable Law that we are subject to. For Special Categories of Personal Data
To comply with Applicable Law that applies to us.
Suppliers
We collect information about you in connection with your provision of services to us or your position as a representative of a provider of services to us. We do not collect Special Categories of Personal Data for this purpose, other than where we are required to do so to meet our legal obligations (see ‘Anti-Money Laundering and other legal obligations’ above).
For Personal Data
Performance of an engagement. 
Visitors to our websites
Where you provide us with Personal Data on our Website(s) for the purpose of inquiring about our services, we will only use it for the purpose for communicating with you in connection to your request.Most of our websites use a small number of non-intrusive cookies to help them work more efficiently and to provide us with information on how the website is being used.You can control cookies through the settings or preferences of your browser, as well as through dedicated browser extensions or add-ons. 
For Personal Data
Legitimate interests for business development purposes
Visitors to our offices
We have security measures in place at our offices, which include building access controls and may include CCTV. Images captured by CCTV are securely stored and only accessed on a need-to-know basis (e.g. to investigate an incident).Visitors to our offices may be required to sign in and sign out at building reception in accordance with the building’s security policies. In addition, we may also maintain visitor records ourselves, which are securely stored and only accessible on a need to know basis (e.g. to investigate an incident).
For Personal Data
Legitimate interests for information security and physical security purposes
Staff Recruitment
We ask you to provide Personal Data to us as part of your job application. We will also conduct checks in order to verify your identity and the information in your application as well as to obtain further information about your suitability for a role within the firm. This may include obtaining information from regulators, anti-money laundering databases, sanctions lists, etc.In some cases, this information will include Special Categories of Personal Data, where such information is required for the purpose of pre-employment verification checks or other employment-related Processing.
For Personal Data
(1) For compliance with Applicable Law that we are subject to; and
(2) Legitimate interests to prevent fraud.
For Special Categories of Personal Data
For carrying out our obligations and exercising our rights in the context of the Data Subject’s employment.
Former Staff
We retain Personal Data of former staff members to the extent that we have a statutory obligation to do so.
For all Personal Data
For compliance with Applicable Law that we are subject to

 

12. Consent 

We do not generally Process your Personal Data based on your consent (as we can usually rely on another lawful basis). Where we do Process your Personal Data based on your consent, you have the right to withdraw your consent at any time. To withdraw your consent, please contact us using the contact details mentioned in Section 7 above.

13. Do we share your information with anyone else?

We do not sell your information nor make it generally available to others. However, we may share your information in the following circumstances:

• Fundamental Hospitality is a UAE born company which has its foundation based internationally as well in companies such as:  United Kingdom, Spain, France and Monaco. Depending on the engagement or on your request, we may transfer Personal Data to countries or jurisdictions with data protection or privacy laws that are not adequate in comparison with the Law. Where any such transfers of Personal Data to non-adequate jurisdictions (as defined by the Commissioner of Data Protection – DIFC) take place, we take appropriate measures to protect Personal Data in accordance with the Law.

• We may Process Personal Data of customers, or representatives or beneficial owners of clients, through screening databases or search engines for identity verification or background screening.

• Depending on the scope of our services, we may require the assistance of various external professional service providers, based in or out of the Firm. The use of these external service providers may involve the service provider receiving your Personal Data from us, and some transfers of Personal Data may be made to countries or jurisdictions with data protection or privacy laws that are not adequate in comparison with the Law. Where any such transfers of Personal Data to non-adequate jurisdictions (as defined by the Commissioner of Data Protection – DIFC take place, we take appropriate measures to protect Personal Data in accordance with the Law.)

• We use the support services of various external companies to help us run our business efficiently, particularly in relation to our IT systems. Some of these services (such as email hosting and data backups) may involve the service provider Processing your Personal Data. Some transfers of Personal Data may be made to countries or jurisdictions with data protection or privacy laws that are not adequate in comparison with the Law. Where any such transfers of Personal Data to non-adequate jurisdictions (as defined by the Commissioner of Data Protection – DIFC take place, we take appropriate measures to protect Personal Data in accordance with the Law.

• We may share your Personal Data with other third parties, such as relevant regulators or other authorities, where we are required to do so to comply with legal or regulatory requirements.

In each case where we share your Personal Data with other parties, whether or not in an adequate jurisdiction (as defined by the Commissioner of Data Protection – DIFC, we take appropriate measures and ensure that the relevant party is contractually required to keep such Personal Data safe, secure and confidential in accordance with the minimum standards under the Law.

PART D – OTHER IMPORTANT INFORMATION

14.  Keeping your Personal Data safe

We implement appropriate steps to help maintain the security of our information systems and processes and prevent the accidental destruction, loss, or unauthorised disclosure of the Personal Data we Process.

15. Profiling and automated decision making

We do not use profiling (where an electronic system uses Personal Data to try and predict something about you) or automated decision making (where an electronic system uses Personal Data to make a decision about you without human intervention).

16. How long do we keep your Personal Data?

We retain your Personal Data in accordance with our data retention policy which categorises all the information held by us and specifies the appropriate retention period for each category of information. Those periods are based on the requirements of the relevant laws and regulations of the DIFC and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our business purposes.

17. Cross-border transfers of your Personal Data

Normally, we do not transfer Personal Data outside the DIFC, as applicable, other than in the specific circumstances indicated in Section 13 above.

Where any such transfers of Personal Data to non-adequate jurisdictions (as defined by the Commissioner of Data Protection – DIFC) take place, we take appropriate measures in accordance with the Law.

PART E – YOUR RIGHTS

18. Contacting us and your rights

If you have any questions in relation to our use of your Personal Data, please email us using the contact details provided in Section 7 above.

Subject to certain exceptions outlined in the Law, you have the right to require us to:

• Provide you with further details on the nature of your Personal Data held by us and the use we make of your Personal Data, including any sharing or transfer thereof;

• Provide you with a copy of the Personal Data we hold about you;

• Update any inaccuracies in the Personal Data we hold about you;

• Delete any of your Personal Data that we no longer have a lawful basis to use or that you have withdrawn your consent for us to Process;

• Where Processing is based only on consent, stop that particular Processing by withdrawing your consent;

• Object to any Processing based on our legitimate interests unless our reasons for undertaking that Processing outweigh any prejudice to your data protection rights;

• Restrict how we use your Personal Data during such time that the accuracy of the Personal Data, the lawful basis for Processing your Personal Data or our overriding legitimate interest in continuing to Process your Personal Data, is being contested by you; and

• Transfer your Personal Data to you or a third party in a structured, commonly used and machine-readable format, to the extent that such Personal Data is automatically Processed and where the lawful basis for such Processing is your consent or for the performance of a contract.

In certain circumstances, we may need to restrict your rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. responding to regulatory requests), or in accordance with other exceptions and limitations specified in the Law.

19. Your right to complain

If you are not satisfied with our use of your Personal Data or our response to any request by you to exercise your rights, or if you think that we have breached any relevant provision of the Law, then you have the right to complain to the authority that supervises our Processing of your Personal Data.

Our data protection supervisory authority is the DIFC Commissioner of Data Protection in relation to DIFC and Office of Data Protection in, as applicable, whose contact details are as follows:

Address:       Office of the Commissioner of Data Protection,

                        Dubai International Financial Centre Authority,

                        Level 14, The Gate, DIFC,

                        PO Box 74777, Dubai, UAE

Telephone: +971 4 362 2223

Website:      www.difc.ae/business/operating/data-protection/

Email:           commissioner@dp.difc.ae

Login